Building a successful security awareness program starts with education. Phishing simulation campaigns are a great way to kick off your program, implement ongoing training and keep your employees sharp while identifying additional training needs.

Can you spot phishy indicators? Below are a few of our most popular phishing templates used by our clients; see if you can recognize what’s phishy before reading the hints.

Email #1 Drive-By Attack

From: Hilton Orlando hilton-orlando@encyrpt-mail.net
Subject: You Deserve a Vacation – Take One on Us!

Hi Joe,

Have you heard the news? Hilton Orlando has partnered with the Madison Chamber of Commerce to give one lucky Madison resident an all-expenses-paid vacation to one of the most magical destinations in the world!

Enter to Win!

You deserve a vacation this summer. Enter for your chance to win:

- A four-night stay at Hilton Orlando
- Eight theme park tickets to Walt Disney World Resort
- Rental vehicle access for five days

Hurry! The 2018 Hilton Orlando’s Summer Getaway Sweepstakes ends 7/31. Enter today to win the Orlando getaway of your dreams!

Learn More

Good Luck!
Merida White
Hilton Orlando Client Relations

What’s phishy about this email?

- The offer is too good to be true. Any time an email subject offers free goods or services, it should raise your suspicions.
- These links don’t tell you where they lead. Hackers use link masking to hide the actual URL of the link. Most browsers will display the true link when you hover the mouse pointer over it.
- The personal touches. It is easy to find company logos, signatures and position titles on the internet, and hackers use this to their advantage to make phishing emails look more legitimate and target their victims.

Email #2 Attachment Attack

From: Dropbox
Subject: Michael Schmidt wants to share “schmidt_2018_1040.pdf” with you

Michael Schmidt invited you to a Dropbox shared folder called “schmidt_2018_1040.pdf” and left you this message:

“FYI”

Download Folder

What’s phishy about this email?

- Do you know Michael Schmidt? It’s easy for hackers to look up employee directories; many are available online.
- If you do know Michael, do you work with him regularly? Out-of-the-blue correspondence is a phishing red flag.
- Scrutinize the email: it is from Dropbox, and “FYI” as a file name is vague and unclear. Hackers purposefully titillate, giving just enough to entice you to click and see for yourself.

Email #3 Business Email Compromise Attack

From: Samsung mail samsung@strong-encryption.com
Subject: Failed payment

Hey Joe,

I just tried making a payment with our corporate credit card and it didn’t go through. The number is correct I think. Did we get a new card? Maybe the expiration date or code is different? Can you send me this info quick? I need to get this taken care of today or we’ll be fined.

Thanks,
Jenna Hulbert
Account Manager

Sent from my Samsung Galaxy smartphone

What’s phishy about this email?

- The sender appears to be an account manager. Inspect the sender line: the email is from Samsung mail, and @strong-encryption is a phishy domain.
- A manager is requesting sensitive information via email. You should never share confidential information via email, and any manager would be familiar with this commonplace company policy.
- There’s a sense of urgency and pressure for you to act quickly. The short timeline and financial consequence are designed to create anxiety, so you respond with the information before you have a chance to think it through.
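The hints for the three emails above can also be checked mechanically on the mail gateway or in a reporting tool. The following is an added example, not part of the original article or of SecurityIQ's product; the brand allowlist, the keyword lists, the function names and the angle-bracket form of the From header are assumptions.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of brand -> legitimate domains; maintain your own.
BRAND_DOMAINS = {"hilton": ("hilton.com",), "samsung": ("samsung.com",)}
PRESSURE = re.compile(r"\b(hurry|quick|today|fined)\b", re.I)
SENSITIVE = re.compile(r"\b(credit card|expiration date|password)\b", re.I)

def belongs(host, domains):
    # True if host is one of the domains or a subdomain of one.
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkHosts(HTMLParser):
    # Collects the real destination host of every <a href>, whatever text is shown.
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def indicators(from_header, html_body):
    """Return the list of phishing indicators found in one message."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    brand = next((b for b in BRAND_DOMAINS if b in display.lower()), None)
    links = LinkHosts()
    links.feed(html_body)
    found = []
    if brand:
        ok = BRAND_DOMAINS[brand]
        if not belongs(domain, ok):
            found.append("sender-domain-mismatch")
        if any(not belongs(h, ok) for h in links.hosts):
            found.append("link-off-brand")
    if PRESSURE.search(html_body):
        found.append("pressure")
    if SENSITIVE.search(html_body):
        found.append("sensitive-request")
    return found

# Sample built from Email #3 above (From header reconstructed with angle brackets).
EMAIL_3_FROM = "Samsung mail <samsung@strong-encryption.com>"
EMAIL_3_BODY = "Our corporate credit card didn't go through. Can you send me this info quick?"
if __name__ == "__main__":
    print(indicators(EMAIL_3_FROM, EMAIL_3_BODY))
```

Keyword matching like this is noisy on its own; treat the result as a score for triage rather than a verdict.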

SecurityIQ’s phishing simulator includes 1,000s of phishing templates in a variety of attack types and difficulty levels. Our customizable templates make training fun, interactive and engaging while building a culture of security awareness for your organization. Teach your team to detect phishing like a pro! Start your free trial.